Add audit trail logging for PII field access in profile and deployment routes

[temma02]

Description

apps/backend/tests/compliance/verification.test.ts validates audit trail requirements but the actual routes do not emit audit log entries when PII fields (email, environment_variables) are read or written. This is a compliance gap.

Requirements and context

• Must be secure, tested, and documented where applicable
• Should stay reviewable and fit the current monorepo structure
• Relevant files: apps/backend/tests/compliance/verification.test.ts, apps/backend/src/app/api/auth/profile/route.ts, apps/backend/src/app/api/deployments/[id]/route.ts, apps/backend/src/lib/api/logger.ts

Suggested execution

• Create branch: issue-020-audit-trail-pii-field-access
• Keep changes scoped to the issue and reference the task IDs in the PR

Implement changes

• Extend createLogger to support an audit log level that writes to a separate sink
• Emit audit entries on: profile read/write, environment_variables read, deployment delete
• Include userId, action, resourceId, and timestamp in each entry

Test and commit

• Add tests verifying audit entries are emitted for each PII-touching operation
• Verify audit entries are not emitted for non-PII reads (e.g., template list)
• Security note: audit log entries must never contain the PII values themselves

Example commit message

feat(audit): emit audit log entries for PII field access

Guidelines

• Prefer small, reviewable PRs
• Keep naming and data contracts consistent with the spec docs

[utilityjnr]

@utilityjnr has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

i would love to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @utilityjnr to this issue.

[Georgebingi]

@Georgebingi has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

Hi my name is George and I'm a full stack develop I'll like to work on this issue because It picks my interest and Ive got experience with similar projects I'll have it solved in 24 hours or less

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Georgebingi to this issue.

[drips-wave]

Congratulations, @utilityjnr! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on April 29, 2026.

🧑‍💻 @utilityjnr: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊